LibXfont, TightVNC: Multiple vulnerabilities
— GLSA 200705-10

Multiple vulnerabilities have been reported in libXfont and TightVNC,
allowing for the execution of arbitrary code with root privileges.

Affected Packages

Package: net-misc/tightvnc on all architectures
Affected versions: < 1.2.9-r4
Unaffected versions: >= 1.2.9-r4

Package: x11-libs/libXfont on all architectures
Affected versions: < 1.2.7-r1
Unaffected versions: >= 1.2.7-r1

Background

LibXfont is the X.Org font library. TightVNC is a VNC client/server for
X displays.

Description

The libXfont code is prone to several integer overflows, in the functions
ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().
TightVNC contains a local copy of this code and is also affected.
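
The advisory names the bug class but not the arithmetic behind it. The following C example is added here for illustration and is not libXfont or TightVNC code: it shows how a glyph count taken from a BDF font's CHARS line can wrap a 32-bit size computation, next to a version that validates the count first. REC_SIZE, the function names and the sample line are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REC_SIZE 16u /* assumed per-glyph record size in bytes */

/* Parse the count from a BDF "CHARS <n>" line; returns -1 if malformed. */
static int parse_chars(const char *line, long *n)
{
    char *end;
    if (strncmp(line, "CHARS ", 6) != 0)
        return -1;
    errno = 0;
    *n = strtol(line + 6, &end, 10);
    if (errno != 0 || end == line + 6 || (*end != '\0' && *end != '\n'))
        return -1;
    return 0;
}

/* Unchecked: the 32-bit multiply wraps, so a huge count gives a tiny size. */
uint32_t alloc_size_unchecked(const char *line)
{
    long n;
    if (parse_chars(line, &n) != 0)
        return 0;
    return (uint32_t)n * REC_SIZE;
}

/* Checked: reject counts that are non-positive or would wrap the multiply. */
int alloc_size_checked(const char *line, uint32_t *bytes)
{
    long n;
    if (parse_chars(line, &n) != 0)
        return -1;
    if (n < 1 || (unsigned long)n > UINT32_MAX / REC_SIZE)
        return -1;
    *bytes = (uint32_t)n * REC_SIZE;
    return 0;
}

int main(void)
{
    const char *line = "CHARS 268435457\n"; /* constructed sample input */
    uint32_t b = 0;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(line));
    printf("checked result: %d\n", alloc_size_checked(line, &b));
    return 0;
}
```

A buffer sized by the unchecked result would be far smaller than the number of records the parser then writes, which is why the count has to be validated before the multiplication.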

Impact

A local attacker could use a specially crafted BDF font to gain root
privileges on the vulnerable host.